// @include "../../../scripts/spket.js"

(function() {
	var log = panda.log("proxy.security");

	proxy.security = { priority: 80 };

	proxy.security.page = {
		priority: 100,
		expr: /^page./,
		func: function(name, method, args) {
			var req = args[1];
			var role = req.session.getAttribute("user.role") + "";

			if (role === "admin") {
				return this[method].apply(this, args);
			} else {
				log.info("Redirect to login page.");
				return panda.render("login");
			}
		}
	}

	proxy.security.api = {
		priority: 100,
		expr: /^api\./,
		func: function(name, method, args) {
			if (name === "api.auth") {
				return this[method].apply(this, args);
			}

			var req = args[1];
			var res = args[2];
			var role = req.session.getAttribute("user.role") + "";

			if (role === "admin") {
				return this[method].apply(this, args);
			} else {
				log.info("Unatherized access.");
				res.sendError(res.SC_UNAUTHORIZED);
				return null;
			}
		}
	}
}());
